“It seemed like just another ordinary day for a small online retailer in the Midwest. Little did they know that the simple click of an e-mail link was about to threaten the entire business. One of the company’s employees received an e-mail with a link to a seemingly benign catalog. One click and the company’s system was infected with Cryptowall malware that affected accounting software, customer account files, including credit card numbers, social security numbers, customer names and addresses among other information.
The accounting software and customer files did not live on the employee’s computer; it lived on the company’s network drive, so the malware was able to encrypt 15,000 accounting and customer files. A ransom demand soon followed, demanding $50,000 in exchange for a decryption key. The company’s backup systems had not been working for months, and with the virus proving impossible to remove without the loss of crucial company data, the company had no choice but to pay up.
But the decryption key didn’t work. Business came to a standstill. The owner could not afford to pay to rebuild the network systems. Six months later the company closed its doors, strangled by lack of sales and cashflow.
The U.S’ National Cyber Security Alliance found that 60 percent of small companies are unable to sustain their businesses over six months after a cyber attack. According to the Ponemon Institute, the average price for small businesses to clean up after their businesses have been hacked stands at $690,000; and, for middle market companies, it’s over $1 million.
Recent events have proven that nobody is safe from the threat of cybercrime – not large corporations, small businesses, startups, government agencies or even presidential candidates.
Small and mid-sized businesses are hit by 62 percent of all cyber-attacks, about 4,000 per day, according to IBM. Cybercriminals target small businesses because they are an easy, soft target to penetrate. They steal information to rob bank accounts via wire transfers; steal customers’ personal identity information; file for fraudulent tax refunds; and, commit health insurance or Medicare fraud.
So what can you do besides pray and hope you’re not next?”